Overview

overview

8

Static

static

3

662dc9ad67...08.dll

windows7-x64

8

662dc9ad67...08.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    18-01-2024 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    662dc9ad67109d3dae66251b8a42fc08.dll

  • Size

    91KB

  • MD5

    662dc9ad67109d3dae66251b8a42fc08

  • SHA1

    3a1ad09c40fa0b3160ed2c8971005ec825eeabed

  • SHA256

    0299e4f365c1cae768a410d5a4e8d5d3c95a81b728a369fa8fa9a817af729a00

  • SHA512

    41dfb7e10fae4f1b635c9290c615f7e662c3eefd1e61005e5c686e8dd145e3d5de0716cdeedbbade33dabc3ee9c3349e2688d48d4ba4b6353e9b9baeb8bfa3de

  • SSDEEP

    1536:1UKQFTIohTcdh5jPPIEtvO1FyVRTE+R3u447vss7PMSYhuLCCCb:1UBFMohTc9jQEtG1FwmayLLSuA

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\662dc9ad67109d3dae66251b8a42fc08.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\662dc9ad67109d3dae66251b8a42fc08.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Drops file in System32 directory
      PID:1664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\tmp2541.tmp
    Filesize

    3KB

    MD5

    72bbfa8d5d7ba7d51d3d5673be9453d4

    SHA1

    9dbba73487144192cccc09b5242e3cf892795779

    SHA256

    2908aad5e1def4298d65635074c0fe274142d74a67209ef22f7ecde423b2cda6

    SHA512

    306b8fb472ddf6415d163195499a049f75e599e403ae02317cc3c2467364b0f9253c52640626dc446360d3f3d1bd7a8513585d4367fe21816ea3a2f86281f5d5

    Download Submit

  • C:\name.log
    Filesize

    60B

    MD5

    a764045c1199b36daa0811698ce1f92b

    SHA1

    9f367bac911d786b9d44e52585cb71afb24e7967

    SHA256

    5bee6dee7219fe42b556542a3fdec752f259c5375ccdf02f6fdef07ce5e07d52

    SHA512

    444fb66a75a5695127f881c6fb98920769e562213c7a9700af1d79eabd3753609b9caf787ad4c06bac9d72d0eaff40d32073fb368d104d787c06c78aaa6ecf10

    Download Submit

  • memory/1664-0-0x0000000025000000-0x000000002505F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1664-1-0x0000000025000000-0x000000002505F000-memory.dmp

    Filesize

    380KB

    Download

  • memory/1664-2-0x0000000025000000-0x000000002505F000-memory.dmp

    Filesize

    380KB

    Download